We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:DOS/Ramnit.A
Aliases: Rootkit.Boot.Nimnul.a (Kaspersky) BOO/Rabbit.B (Avira) Rootkit.MBR.Ramnit.A (Boot image) (BitDefender) MBR.Rmnet.1 (Dr.Web) Win32/Ramnit.A virus (ESET) BOOT/Nimnul.A!tr.rkit (Fortinet) Rootkit.Boot.Nimnul (Ikarus)
Summary
Windows Defender detects and removes this threat.
DOS/Ramnit.A is the malicious Master Boot Record (MBR) dropped by variants of the Ramnit family, in particular, Virus:Win32/Ramnit.AC.
You need to use the free tool Windows Defender Offline to fully clean your PC:
The following articles may help if you're having trouble getting the tool to work:
- Windows Defender Offline: frequently asked questions
- Microsoft's Free Security Tools - Windows Defender Offline
After you've used Windows Defender Offline, you should make sure your security software is up to date and run a full scan:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
You can also visit the Microsoft virus and malware community for more help.
